SFWR ENG 4C03 - Computer Networks & Computer Security



Similar documents
Secure Network Communication Part II II Public Key Cryptography. Public Key Cryptography

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

Cryptography and Network Security

Cryptography and Network Security Chapter 10

CSCE 465 Computer & Network Security

Notes on Network Security Prof. Hemant K. Soni

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

Computer Security: Principles and Practice

Discrete logarithms within computer and network security Prof Bill Buchanan, Edinburgh Napier

CIS 5371 Cryptography. 8. Encryption --

Cryptography and Network Security Chapter 9

Overview of Public-Key Cryptography

Final Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket

CRYPTOGRAPHY IN NETWORK SECURITY

Lecture 6 - Cryptography

SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES

CUNSHENG DING HKUST, Hong Kong. Computer Security. Computer Security. Cunsheng DING, HKUST COMP4631

Symmetric Key cryptosystem

CS 758: Cryptography / Network Security

Introduction to Network Security Key Management and Distribution

Public Key Cryptography Overview

Public Key (asymmetric) Cryptography

Ch.9 Cryptography. The Graduate Center, CUNY.! CSc Theoretical Computer Science Konstantinos Vamvourellis

Outline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

Capture Resilient ElGamal Signature Protocols

Schnorr Signcryption. Combining public key encryption with Schnorr digital signature. Laura Savu, University of Bucharest, Romania

TELE 301 Network Management. Lecture 18: Network Security

Public Key Cryptography. c Eli Biham - March 30, Public Key Cryptography

Network Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 Phone: 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室

A SOFTWARE COMPARISON OF RSA AND ECC

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

CS 348: Computer Networks. - Security; 30 th - 31 st Oct Instructor: Sridhar Iyer IIT Bombay

Lukasz Pater CMMS Administrator and Developer

CSC474/574 - Information Systems Security: Homework1 Solutions Sketch

Network Security. Chapter 2 Basics 2.2 Public Key Cryptography. Public Key Cryptography. Public Key Cryptography

The Feasibility and Application of using a Zero-knowledge Protocol Authentication Systems

CPSC 467b: Cryptography and Computer Security

Module 7 Security CS655! 7-1!

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

YALE UNIVERSITY DEPARTMENT OF COMPUTER SCIENCE

Authentication Types. Password-based Authentication. Off-Line Password Guessing

Computer Networks. Network Security 1. Professor Richard Harris School of Engineering and Advanced Technology

Network Security. HIT Shimrit Tzur-David

A New Efficient Digital Signature Scheme Algorithm based on Block cipher

Cryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K.

IMPROVED SECURITY MEASURES FOR DATA IN KEY EXCHANGES IN CLOUD ENVIRONMENT

2.4: Authentication Authentication types Authentication schemes: RSA, Lamport s Hash Mutual Authentication Session Keys Trusted Intermediaries

How To Protect Your Data From Attack

The Mathematics of the RSA Public-Key Cryptosystem

Elements of Applied Cryptography. Key Distribution. Trusted third party: KDC, KTC Diffie-Helmann protocol The man-in-the-middle attack

CS 494/594 Computer and Network Security

Software Tool for Implementing RSA Algorithm

Chapter 10. Network Security

Outline. CSc 466/566. Computer Security. 8 : Cryptography Digital Signatures. Digital Signatures. Digital Signatures... Christian Collberg

Elements of Applied Cryptography Public key encryption

Introduction to Computer Security

Content Teaching Academy at James Madison University

A REVIEW ON ENHANCING DATA SECURITY IN CLOUD COMPUTING USING RSA AND AES ALGORITHMS

Principles of Network Security

City University of Hong Kong. Information on a Course offered by Department of Electronic Engineering with effect from Semester A in 2012/2013

Lecture 9: Application of Cryptography

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University

Lecture Note 5 PUBLIC-KEY CRYPTOGRAPHY. Sourav Mukhopadhyay

Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur

Chapter 7 Transport-Level Security

Kerberos. Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, BC. From Italy (?).

Advanced Topics in Cryptography and Network Security

Chapter 7: Network security

SECURITY IN NETWORKS

3-6 Toward Realizing Privacy-Preserving IP-Traceback

AN IMPLEMENTATION OF HYBRID ENCRYPTION-DECRYPTION (RSA WITH AES AND SHA256) FOR USE IN DATA EXCHANGE BETWEEN CLIENT APPLICATIONS AND WEB SERVICES

Security. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key

RSA Attacks. By Abdulaziz Alrasheed and Fatima

Network Security CS 5490/6490 Fall 2015 Lecture Notes 8/26/2015

Cryptography and Network Security

Introduction. Digital Signature

Digital Signature. Raj Jain. Washington University in St. Louis

SAMPLE EXAM QUESTIONS MODULE EE5552 NETWORK SECURITY AND ENCRYPTION ECE, SCHOOL OF ENGINEERING AND DESIGN BRUNEL UNIVERSITY UXBRIDGE MIDDLESEX, UK

An Introduction to Identity-based Cryptography CSEP 590TU March 2005 Carl Youngblood

Lecture 17: Re-encryption

Chapter 8 Security. IC322 Fall Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Network Security Protocols

Lecture 3: One-Way Encryption, RSA Example

Security Sensor Network. Biswajit panja

Application of Automatic Variable Password Technique in Das s Remote System Authentication Scheme Using Smart Card

1 Signatures vs. MACs

Introduction to Cryptography

Table of Contents. Bibliografische Informationen digitalisiert durch

Client Server Registration Protocol

Cryptography & Digital Signatures

QUANTUM COMPUTERS AND CRYPTOGRAPHY. Mark Zhandry Stanford University

Software Implementation of Gong-Harn Public-key Cryptosystem and Analysis

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Cryptography and Network Security

Transcription:

KEY MANAGEMENT SFWR ENG 4C03 - Computer Networks & Computer Security Researcher: Jayesh Patel Student No. 9909040 Revised: April 4, 2005

Introduction Key management deals with the secure generation, distribution, and storage of keys. It plays a vital role in computer security today as practical attacks on public-key systems are typically aimed at key management as opposed to the cryptographic algorithms themselves. This report will investigate the techniques used in the distribution of secret keys used to decrypt and encrypt messages with particular focus on the Diffie-Hellman distribution scheme. Essential Principles of Public-key Cryptography Public key cryptographic systems are based on one-way functions which convert plain text into ciphertext using a small amount of computing power, but whose inverse function is extremely expensive to compute. Thus, it is not feasible for someone to decipher the plain text from the ciphertext in a reasonable amount of time.⁴ The term trap door is used to describe the fact that the intended user of the ciphertext is able to decipher the ciphertext easily since he/she holds the private key. Finally, public key cryptosystems are usually based on known hard problems such as taking the discrete logarithms over a finite field (as in the case of the Diffie-Hellman key exchange). See Figure 1 for an outline of public key cryptosystems.⁴ Source: Secure Network Communications. Strong Internet Security. http://www.strongsec.com/tutorials/security.htm Figure 1. The Notion of Public Key Cryptosystems The Diffie-Hellman Key Exchange The Diffie-Hellman Key Exchange is one of the more popular and interesting methods of key distribution. It is a pubic-key cryptographic system whose sole purpose is for distributing keys. Diffie-Hellman is an example of a Key Management 2

public-key distribution scheme (PKDS) whereby it is used to exchange a single piece of information, and where the value obtained is normally used as a session key for a private-key scheme.² How Diffie-Hellman Works The Diffie-Hellman distribution scheme works as follows assuming two people, named Alice and Bob respectively, wish to exchange a key over an insecure communication channel: 1. Both Alice and Bob agree on the selection of a large prime number n, a primitive element g, and the one-way function f(x) = g% mod n (Note: both n and g are made public). 2. Alice selects a large random integer a and sends Bob the value A = g& mod n. Bob selects a large random integer b and sends Alice the value B = g' mod n. 3. Alice computes s = B& mod n (= g*+ mod n). Similarly, Bob computes s = A' mod n (= g+* mod n). 4. Alice and Bob now both share the same secret key s. The computation of x = f(¹(y) is extremely hard; therefore, someone attempting to listen to the key-exchange cannot determine s even by knowing the values of A, B, n, and g. Figure 2 illustrates a trivial example of the procedure described above for clarification purposes of the technique. Source: Secure Network Communications. Strong Internet Security. http://www.strongsec.com/tutorials/security.htm Figure 2. Diffie-Hellman Algorithm Example Key Management 3

Authentication The Diffie-Hellman key exchange is vulnerable to attacks whereby an intruder intercepts messages between the sender and receiver, and assumes the identity of the other party (often known as the man in the middle attack). Consequently, the Diffie-Hellman algorithm should be used with a form of authentication such as certificates to ensure that symmetric keys are established between legitimate parties.⁴ Advantages and Disadvantages This leads to a summary of the advantages and disadvantages of the Diffie-Hellman scheme. Its advantages are the security factors with respect to the fact that solving the discrete logarithm is very challenging, and that the shared key (i.e. the secret) is never itself transmitted over the channel.² Nonetheless, the algorithm has its share of drawbacks including the fact that there are expensive exponential operations involved, and the algorithm cannot be used to encrypt messages - it can be used for establishing a secret key only. There is also a lack of authentication.² Alternatives It is appropriate at this time to consider some of the alternatives to the Diffie-Hellman key exchange. The first option is the manual exchange of the key through a non-electronic medium. However, for obvious reasons, this method is very slow and inefficient. A second approach is to use a key distribution center (KDC) which selects a key and physically delivers it to both parties. Although this method requires secure links to the KDC or the use of another key to distribute the new key (i.e. increased cost), it is still very flexible and efficient.³ Conclusion The Diffie-Hellman key exchange algorithm has proven to be one of the most interesting key distribution schemes in use today. However, one must be aware of the fact that although the algorithm is safe against passive eavesdropping, it is not necessarily protected from active attacks (whereby an intruder impersonates one of the parties involved in the exchange). For this Key Management 4

reason, the Diffie-Hellman algorithm should be complemented with an authentication mechanism. This approach for key distribution appears to be one of the preferred methods used in practice today. Key Management 5

References 1. Charlie Kaufman, Radia Perlman, and Mike Speciner. Network Security: PRIVATE Communication in a PUBLIC World, 2nd edition. Prentice Hall, 2002. 2. Key Generation and Distribution. CSE 7349: Network Security Systems, Spring 2005. Simon Fraser University. Retrieved 25 March 2005 from the World Wide Web: http://engr.smu.edu/~nair/courses/7349/key_distribution.ppt 3. Secret Key Distribution. National Institute of Standards and Technology, Computer Security Division. Gaithersburg, MD. Retrieved 25 March 2005 from the World Wide Web: http://csrc.nist.gov/publications/nistpubs/800-7/node209.html 4. Secure Network Communications. Strong Internet Security. Retrieved 26 March 2005 from the World Wide Web: http://www.strongsec.com/tutorials/security.htm 5. Stallings, William. Introduction to Number Theory. Web Site for the Books of William Stallings. Retrieved 26, March 2005 from the World Wide Web: http://williamstallings.com/extras/security-notes/lectures/publickey.html Key Management 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information